Cross-Site Scripting Vulnerability in Oracle Application Server Discussion Forum Portlet
CVE-2005-4549

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Discussion Forum Portlet
Vendor: CVE Published:; 28 December 2005

What is CVE-2005-4549?

The Oracle Application Server Discussion Forum Portlet is susceptible to a cross-site scripting vulnerability. This issue arises when the application improperly sanitizes user input, particularly in the RowKeyValue parameter and the title and content fields used for creating forum articles. As a result, remote attackers can exploit this flaw by injecting arbitrary web scripts or HTML, potentially leading to the execution of malicious scripts in the context of the victim's browser.

References

http://securityreason.com/securityalert/298

third-party-advisoryx_refsource_SREASON

http://marc.info/?l=full-disclosure&m=113532626203708&w=2

mailing-listx_refsource_FULLDISC

http://securitytracker.com/id?1015405

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2005
Vulnerability Reserved
Dec 28, 2005